Matt Mullenweg posted to the WordPress.org blog that WordPress 3.0.4 is available, and he is asking users to please upgrade as soon as possible. The upgrade is entirely for security reasons. He describes it in the post:
[This] is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
So, take his advice and go upgrade. I already did. It takes two seconds if you do it automatically through your dashboard.
Also, if you’re a security guru, Matt asks that you take a look at the changeset to review their work.